Office of Federal Student Aid · U.S. Department of Education

We collect no personal information about you unless you choose to provide that information to us. When we do collect information about you, we only collect the information we need to provide you or someone in your family student financial assistance. We share the information you provide us only with those who are authorized to see it, under Federal law.

Non-personal information we collect

Certain information about your visit can be collected when you browse websites. During your visit to StudentLoans.gov, we, and in some cases our third-party service providers, can collect the following types of information about your visit:

Domain (e.g., comcast.com, if you are using a Comcast account) from which you accessed the internet

IP address (an IP or internet protocol address is a number that is automatically assigned to a device connected to the web)

Device type (desktop computer, tablet, or type of mobile device)

Type of operating system that you use (such as Macintosh, Unix, or Windows)

Type of browser (such as "Chrome version x" or "Internet Explorer version x") that you use when visiting the site

Date and time of your visit

Web pages you visited on the site

Address of the website that connected you to StudentLoans.gov (such as google.com or bing.com)

Screen resolution

Browser language

Geographic location

Time spent on page

Scroll depth (i.e., how much of a web page was viewed)

User events (things you do on the site, e.g., clicking on a button)

Federal Student Aid uses this information for statistical analysis to help make our site more useful to visitors and to improve our public education and outreach. Federal Student Aid's staff analyzes the data collected from web analytics tools. The data and resulting reports are available only to Federal Student Aid managers, members of Federal Student Aid's communications and web teams, and other designated federal staff and contractors who need this information to perform their duties.

Cookies from StudentLoans.gov web pages collect information only about your browser's visit to the site. They do not collect any personal information about you.

There are two types of cookies:

Session cookies: We use temporary session cookies for technical purposes such as enabling better navigation through our site. These temporary cookies let our server know that you're continuing a visit to our site. The OMB Memo 10-22 guidance defines our use of temporary session cookies as "Usage Tier 1-Single Session." The guidance states, "This tier encompasses any use of single-session web measurement and customization technologies." A single-session cookie lasts only as long as your web browser is open. Once you close your browser, the cookie disappears.

Persistent cookies: We use persistent cookies to enable Google Analytics (third-party analytics providers) tracking. Persistent cookies from Google Analytics remain on your device between visits to StudentLoans.gov for up to two years. Other third-party tools on the site use persistent cookies, which can be stored on a user's local system and are set to expire at varying time periods depending upon the cookie. The OMB Memo 10-22 guidance defines our use of persistent cookies as "Usage Tier 2-Multi-session without PII (personally identifiable information)." The guidance states, "This tier encompasses any use of multi-session web measurement and customization technologies when no PII is collected."

StudentLoans.gov uses third-party analytics providers (e.g., Google Analytics) to analyze the data collected through the session and persistent cookies. These third-party analytics providers do not receive PII through these cookies and do not combine, match, or cross-reference StudentLoans.gov information with any other information. We view aggregate statistical analyses prepared by our third-party analytics providers, and these analyses do not include any PII. We do not sell, rent, exchange, or otherwise disclose this information to individuals or organizations.

Pursuant to OMB Memo 10-22, the session and persistent cookies collect information similar to that automatically received and stored on the servers hosting StudentLoans.gov. These servers do not collect PII, and StudentLoans.gov does not access or store the raw information collected through these cookies.

How to Opt Out or Disable Cookies

Your website browser's standard setting enables cookies by default. If you do not wish to have session or persistent cookies stored on your machine, find out how to opt out or disable cookies in your browser. You will still have access to all the information and resources throughout the StudentLoans.gov website. However, turning off cookies may affect the functioning of some content within StudentLoans.gov. Be aware that disabling cookies in your browser will affect cookie usage at all other websites you visit as well.

How Long Federal Student Aid Keeps Data

Federal Student Aid will keep data long enough to achieve the specified objective for which the data were collected. The StudentLoans.gov site issues session cookies-cookies that expire when you close your browser, ending your session on the site. Third-party tools on the site use persistent cookies, which can be stored on a user's local system and are set to expire at varying time periods depending upon the cookie. You can opt out or disable cookies in your browser.

This information is then used to maintain the website including monitoring site stability, measuring site traffic, optimizing site content, and helping make the site more useful to visitors. You can opt out or disable tracking in your browser.

Digital Advertising Tools for Outreach and Education

Federal Student Aid uses third-party tools to support our digital advertising outreach and education efforts. These tools enable Federal Student Aid to reach new people and provide information to previous visitors. In order to use these tools, we may use the following technologies on StudentLoans.gov:

Click Tracking: Federal Student Aid may use click tracking to identify the messaging and/or ads that are most helpful to consumers and efficient for outreach. This enables Federal Student Aid to improve the performance of messaging or ads that consumers click on. When users click on links from any messaging or ad, data about what ad was viewed is collected. Reports are generated about ad performance, including the total number of views and clicks an ad received. You can opt out or disable tracking in your browser.

Conversion Tracking: Federal Student Aid may use conversion tracking to identify ads that are helpful to consumers and efficient for outreach. This enables Federal Student Aid to improve the performance of ads viewed by consumers. When a StudentLoans.gov ad is viewed on a third-party site (e.g., a banner ad), a cookie is placed in the browser of the device the ad was viewed on. If this device later visits StudentLoans.gov, the visit is linked to the ad viewed on the same device. This information helps Federal Student Aid determine which messaging and/or ads are more likely to generate visits to our websites. You can opt out or disable tracking in your browser. You also can click on the "AdChoices" icon in the corner of our ads to opt-out of this ad targeting. Users who have set their browser to "Do Not Track" will automatically be opted out of conversion tracking.

Other Tools

Many of the tools Federal Student Aid uses to gather visitor data and monitor the health of StudentLoans.gov, such as Google Analytics, are deployed using Tealium iQ. Tealium iQ gives Federal Student Aid and its staff and contractors an easy way to manage these tools.

In the future, Federal Student Aid may consider using additional third-party tools that may improve site performance or customer outreach. Federal Student Aid will provide information on any new tools used on StudentLoans.gov below:

Federal Student Aid uses the third-party tool Crazy Egg on StudentLoans.gov. Crazy Egg is a tool that creates visual displays of overall site visitor activity on the website. If you wish to opt out of Crazy Egg collecting information when you visit StudentLoans.gov, please see the Crazy Egg opt-out instructions.

Security and Intrusion Detection

For security purposes and to make sure this service remains available to all users, we use special software programs for monitoring network traffic to identify unauthorized attempts to upload or change information, or otherwise to cause damage to this government computer system. These programs collect no personally identifiable information, but they do collect information that could help us identify someone attempting to tamper with this web site.

Except for authorized law enforcement investigations, we make no other attempts to identify individual users or their usage habits. We only use raw monitoring data logs for determining trends in usage patterns and in diagnosing system problems.

Information from e-mail you send to us

If you decide to send us an electronic mail message (e-mail), the message will usually contain your return e-mail address. If you include personally-identifying information in your e-mail because you want us to help you with a specific problem, we may use that information in contacting other federal agencies or our partners (such as colleges, lenders, or state agencies) about your student aid. In other limited circumstances, including requests from Congress or limited other parties, we may be required by law to disclose information that you submit.

Also, e-mail is not necessarily secure against interception. If your communication is very sensitive, or includes personal information such as data from your tax return or student loan account, you may prefer to send it by postal mail to:

Office of Federal Student AidP.O. Box 84Washington, DC 20044-0084

Loan-related information collected

All the information provided (your driver's license number, the name and addresses of references, etc.) is protected, once it is submitted.

More about privacy and your student aid records

If you have applied for federal student aid or have received a federal student loan, the Office of Federal Student Aid is authorized to maintain a record of all transactions related to your application or loan.

Review the System of Records notices, which list the authorized disclosures and the safeguards for Office of Federal Student Aid systems under the Privacy Act of 1974, as amended. The systems that apply specifically to loans that you receive under the Direct Loan Program are #18-11-05 called Title IV Program Files and #18-11-06 called National Student Loan Data System (NSLDS).

The fact that you have completed an electronic Master Promissory Note (MPN), Direct PLUS Loan Request or Entrance Counseling will be communicated to the school for which you are borrowing the money. The privacy of financial aid records (and admission, enrollment, and other records) kept by an educational institution is protected by the Family Educational Rights and Privacy Act. Click here to read the FERPA regulations.

INTRODUCTION TO PRIVACY IMPACT ASSESSMENT

Section 208 of the E-Government Act of 2002 (P.L.107-347) requires FSA to complete a Privacy Impact Assessment for each new system that collects information from the public through the Internet.

During the Definition Phase of the FSA Solution Lifecycle, the System Security Officer must make sure that the team completes the attached Privacy Impact Assessment Questionnaire, must have it reviewed by the Chief Information Officer or equivalent official, and must file the completed form in the system's Security Notebook as part of the system's documentation. This Privacy Impact Assessment must also be made publicly available.

Officials and organizational components involved in the analysis and review of the Privacy Impact Assessment included the following: Department of Education Office of the Chief Information Officer, Federal Student Aid (FSA) CIO Computer Security Officer, and COD management, including the System Security Officer.

What information will be collected for the system (Ex. Name, Social Security Number, annual income, etc)?

The COD system receives, processes and stores privacy act related data, such as names, social security numbers, current address, date of birth, place of birth, telephone numbers, and dollar amounts.

The general public does not have access to COD.

Why is this information being collected?

The information is provided by the student applicants and the schools participating in the Title IV Higher Education Student Financial Aid Programs to enable the administration of the Federal Title IV grants and loans by the Department. The Title IV loans and grants are used by eligible students to attend those schools.

How will FSA use this information?

FSA/COD uses this student-level detail to book loans, account for awarded grants and to enable the Department to reconcile school cash drawdowns from the Treasury to individual student disbursements.

This information also is used to ensure the respective schools receive the appropriate amount of dollars during the respective time periods.

Will this information be shared with any other agency? If so, with which agency or agencies?

Not routinely (This information can be made available for a civil or criminal law enforcement activity that is authorized by law, upon a written request by the agency).

Describe the notice or opportunities for consent would be/ or are provided to individuals about what information is collected and how that information is shared with others organizations. (e.g., posted Privacy Notice)

Extensive Privacy Act notices are posted at the web site of the Free Application for Federal Student Aid (FAFSA®) form at StudentAid.gov/fafsa. The basis for the data sent to COD by colleges is the FAFSA®, which is filled out by student applicants first. The FAFSA® is an OMB approved data collection instrument (OMB #1845-0001)

How will the information be secured?

All information is protected by a secure FSA ID or password and is monitored by automated and manual controls.

COD is developed and maintained under a contract with Accenture, and is housed within a secure facility run under a subcontract with TSYS Inc., one of the largest credit card processors in the world.

Interfacing ED systems are operated for the most part within FSA's Virtual Data Center (VDC), located in Plano, TX, which provides the respective security controls. The COD data is encrypted as it moves between COD system interfaces.

System administrators outside of the VDC provide comparable security controls to protect the system and the information contained therein.

Is a system of records being created or updated with the collection of this information? (A system of record is created when information can be retrieved from the system by the name of the individual or an identifying number, symbol or other identifying particular assigned to an individual. Also, in responding to this question a helpful reference may be to the system's System of Record organization step completed in the Definition phase of the Solution Lifecycle process.)

A system of records notification has been submitted to update the previous system of record notification for the TEACH Program.